Practice Linux Penetration Testing Skills with Metasploitable

Okay, you have been reading up on computer security, and even played around with Backtrack some. You have been gaining some penetration testing skills, but now you want to try them out. What do you do?

There are several sites that exist that allow you to (legally) test your abilities, but why not try them out on Metasploit’s own Metasploitable?

Metasploitable is a VMWare Ubuntu 8.04 image that is purposefully left with several vulnerabilities so you can check out your mad skills. Okay, before I get a bunch of e-mails about this, yes Ubuntu (Linux) has vulnerabilities. That is why you need to update your Linux software just as you would your Windows boxes.

Metasploitable is running several services that have not been patched and it is a non-persistant image (changes are not saved) so you can play to your hearts content and if you really mess up, just re-boot and the Ubuntu image will be restored to original.

The best way to become a good penetration tester is to practice. And Metasploitable is a good Linux platform to play with. I will not go into to much depth (there are plenty of Metasploitable tutorials out there already) but in my next post (Metasploitable – Gaining Root on a Vulnerable Linux System) I will show you how to get root access on the image using Backtrack 5R2.